IPv6:
The Check Point architecture gives administrators a smooth and secure migration path to IPv6.
Many networks still use IPv4, and some applications cannot be upgraded to support IPv6.
For this reason, the Check Point IPv6 solution includes full support for legacy IPv4. In fact,
while IPv6 support is optional, you cannot disable IPv4 support.
The Check Point IPv6 solution includes Dual Stacks, which support the two IP versions.
It does this by using different IPv4 and IPv6 stacks simultaneously. The Check Point Dual
Stack also solution uses two different kernel drivers: One for IPv4 traffic and one for IPv6 traffic.
Supported Check Point Features:
Supported Platforms: Gaia, SecurePlatform and IPSO.
Access Control Rules - IPv6 Hosts and IPv6 networks can be configured in Firewall Rule base.
User defined ICMPv6 services.
Anti-Spoofing.
IPS protections:Port Scan,Aggressive Aging,Max Ping Size Limit,Small PMTU.
Acceleration by SecureXL (SecurePlatform and Gaia only).
ClusterXL High Availability (SecurePlatform and Gaia only).
CoreXL (SecurePlatform and Gaia only).
SmartView Tracker support with IPv6 filtering.
IPv6 Specific Functionality:
IPv6 extension headers can be allowed or blocked.
IPv6 Fragmentation headers are fully inspected.
6in4 tunnel traffic can be allowed or blocked.
IPv6 traffic in 6in4 tunnels can be inspected (SecurePlatform and Gaia only).
Non-Supported Features:
IPS (except for protections shown above).
**NAT.
Application & URL Filtering.
IPSec VPN (This feature was previously supported R70 IPv6Pack).
Anti-Spam & Mail.
Anti-Virus.
DLP.
QoS.
**NAT is not a concept of IPv6.
IPV6 address configuration on Gateway:
*******************************************************************************
1. Log in to SecurePlatform (expert mode).
2. Go to the /etc/rc.d/rc3.d directory and create a new script, named S11ipv6.:
# vi S11ipv6
3.add the following lines in S11ipv6 script:
#!/bin/sh
modprobe ipv6
/sbin/ip -6 addr add ipv6-address/subnet-mask dev Interface-name
/sbin/ip -6 addr add ipv6-address/subnet-mask dev Interface-name
Example:
#!/bin/sh
modprobe ipv6
/sbin/ip -6 addr add 2001:1:1::1/64 dev eth0
/sbin/ip -6 addr add 2001:1:1:1::1/64 dev eth1
Note: The command is required for each interface that is configured with an IPv6 address.
-- Save the script.
4.Assign the S11ipv6 script execute permission :
# chmod 777 S11ipv6
5.Run the S11ipv6 file
# sh S11ipv6
6.Enable IPv6 by running the command :
#$FWDIR/scripts/fwipv6_enable on
7.Turn on IPv6 forwarding by running the command :
# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
8. Verify IPV6 address using commmand:
#ifconfig
IPV6 address configuration on Windows Machine:
******************************************************************
No comments:
Post a Comment